29 matches found

RedhatCVE
added 2026/01/03 12:11 p.m., 2 views

CVE-2025-45286

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1
Github Security Blog
added 2026/01/02 3:30 p.m., 6 views

Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references. Original Description: A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scrip...

CVSS 6.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 4 | Affected Software: 2
OSV
added 2026/01/02 3:30 p.m., 2 views

GHSA-P4F6-H8JJ-VFVF Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references. Original Description: A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scrip...

CVSS 5.3 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 3
EUVD
added 2026/01/02 3:30 p.m., 1 views

EUVD-2026-0035

Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type...

AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3
OSV
added 2026/01/02 3:15 p.m., 2 views

CVE-2025-45286

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | AI score 5.7
Exploits: 0 | References: 2
NVD
added 2026/01/02 3:15 p.m., 1 views

CVE-2025-45286

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | EPSS 0.00006
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/02 12:0 a.m., 2 views

CVE-2025-45286

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.3 | EPSS 0.00006
Exploits: 0 | References: 2
CVE
added 2026/01/02 12:0 a.m., 6 views

CVE-2025-45286

CVE-2025-45286: A cross-site scripting (XSS) vulnerability affects the Go-based web framework/application mccutchen httpbin version 2.17.1. The issue allows an attacker to inject arbitrary web scripts or HTML via a crafted payload. According to the CVE metadata, the attack vector is network-bas...

CVSS 6.1 | AI score 5.3 | EPSS 0.00006
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/01/02 12:0 a.m., 3 views

EUVD-2025-7205

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.2 | EPSS 0.00006
Exploits: 0 | References: 6
CNNVD
added 2026/01/02 12:0 a.m., 1 views

go-httpbin security vulnerability

go-httpbin is a port framework by Will McCutchen, an individual developer. A security vulnerability exists in go-httpbin version v2.17.1, which stems from vulnerability to cross-site scripting attacks...

CVSS 6.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3
Cvelist
added 2026/01/02 12:0 a.m., 14 views

CVE-2025-45286

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

EPSS 0.00006
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/02 12:0 a.m., 1 views

PT-2026-1070

Name of the Vulnerable Software and Affected Versions: mccutchen httpbin version 2.17.1. Description: A cross-site scripting (XSS) issue exists in mccutchen httpbin. This allows attackers to execute arbitrary web scripts or HTML using a specially crafted payload. The vulnerability impacts the...

CVSS 6.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 5
SUSE CVE
added 2025/12/30 12:25 a.m., 6 views

SUSE CVE-2025-15095

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

CVSS 5.1 | AI score 5.7 | EPSS 0.00006
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/27 2:4 a.m., 4 views

CVE-2025-15095

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

CVSS 5.1 | AI score 5.5 | EPSS 0.00006
Exploits: 0 | References: 1
NVD
added 2025/12/26 3:15 a.m., 2 views

CVE-2025-15095

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

CVSS 5.1 | EPSS 0.00006
Exploits: 0 | References: 4
OSV
added 2025/12/26 3:15 a.m., 0 views

CVE-2025-15095

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

CVSS 3.5 | AI score 4.1 | EPSS 0.00006
Exploits: 0 | References: 4
vulnersOsv
added 2025/12/26 2:43 a.m., 0 views

careful (>=0.1.0 <=0.2.0), dxh-test-package (=1.1.2) +7 more potentially affected by CVE-2025-15095 via httpbin (=0.10.2)

httpbin PYPI version =0.10.2 is affected by a known vulnerability. The following packages have a transitive dependency on httpbin and may be impacted: - careful =0.1.0, =0.1.4, =0.1.6, =0.3.2, =0.0.1, =0.7.1, =2.2.1, =2.7.5 Source cves: CVE-2025-15095 Source advisory: SNYK:PYTHON-HTTPBIN-14723357...

CVSS 5.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0
Snyk
added 2025/12/26 2:43 a.m., 3 views

Cross-site Scripting (XSS)

Overview: httpbin is a HTTP Request and Response Service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the endpoint /base64, which does not encode user-controllable parameters when outputting them on the current page. An attacker can inject and execute arbitrary...

CVSS 5.1 | AI score 4.5 | EPSS 0.00006
Exploits: 0 | References: 2
CVE
added 2025/12/26 2:2 a.m., 12 views

CVE-2025-15095

CVE-2025-15095 affects postmanlabs httpbin up to 0.6.1. The flaw is in httpbin-master/httpbin/core.py, enabling cross-site scripting via manipulated input. Exploitation is remote and publicly disclosed. Multiple sources confirm the vulnerability, but remediation notes vary and, in at least one en...

CVSS 5.1 | AI score 5.2 | EPSS 0.00006
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/26 2:2 a.m., 2 views

CVE-2025-15095 postmanlabs httpbin core.py cross site scripting

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

CVSS 5.1 | AI score 5.2 | EPSS 0.00006
Exploits: 0 | References: 4